Will Dreamhost be GDPR compliant?


#22

The GDPR law is pretty clear: if you transfer data from EU to USA, the USA entity needs to be Privacy Shield certified. I don’t see much margin of interpretation here, either Dreamhost becomes certified or EU customers cannot use their services anymore. Am I right? Any legal advise here?

Dreamhost, can you tell us your plans?


#23

@MariT we’re quite keen to get started with Dreamhost. Any news on an ETA for GDPR compliance?


#24

I also moved all our websites to an European company/server this week. Our personal deadline was 3 weeks before 25/5 so we could no longer wait. Unfortunately there was no concrete information from DreamHost, but we are on the safe side now. Was a great time with DreamHost, sad that we had no choice to stay…

All the best!


#25

I think we have to do the same, after many years with Dreamhost.

I am wondering if having the server in Europe is enough: there is a US hosting provider who also has server in Europe, is this acceptable? This point is still not completely clear to me.


#26

eoxx: Not sure if this is enough.
After we decided to move, we chose everything in Europe. You also have to make a contract with the hosting company. I think most European companies already have ready-made contracts, for us this task only took a couple of minutes. By having everything in Europe, you’re on the safe side, even if the EU should no longer accept Privacy Shield (remember Safe Harbor ;).


#27

@amw, if you don’t mind, who did you go with?


#28

We moved to two German companies, but I think this is the wrong place to post names or links to competitors.


#29

#30

@amw, the question is, will we as a UK business be GDPR compliant if we start hosting our website with Dreamhost?


#31

As far as I know, Privacy Shield certification is still required.

If you use an European hosting provider, you also need a signed data processing agreement and TOMs from the hosting provider that you have to add to your documentation. I’m not a lawyer, but I guess this is also required from DreamHost.

See also post from @eoxx at Is Dreamhost Privacy Shield certified?


#32

Oh thanks amw, I meant to ask MariT


#33

@MariT, Dreamhost may be GDPR compliant now but this seems to be more about your direct relationship with customers rather than providing GDPR compliant hosting services.

So, will we as a UK business be GDPR compliant if we start hosting our website with Dreamhost?


#34

The above thread seems to be mainly related to the May 25th GDPR of the EU, and not only simply related to the OP’s issues with GDPR (privacy laws of the EU).

The French website abeille-cyclotourisme.fr also needs to be GDPR-compliant. As far as its own data is concerned, I declare that none of the sites’ pages creates any cookies nor records any visitor’s personal data. None, niet, nada, nein, walou.

The sole exception to the above is the use, via DH Control Panel, of Google mail (abeille-cyclotourisme@abeille-cyclotourisme.fr). So google receives server info. Google seems to me to be GDPR-cumpliant, so this exception seems to be OK.

The last cause that I can imagine of potential non-compliance to GDPR requirements would be the preservation on Dreamhost servers of log data, which log data contains visitors’ information such as IP addresses.

Can Dreamhost certify that it deletes log data ? right away ? Same day ? Otherwise, can it certify that what it does with them is GDPR-compliant ?

Other than the above, is there any reason for Dreamhost to be non-compliant with GDPR ?

Concluding statements by Dreamhost ? TIA.


#35

Hi @michel_angelo and @christiaan,

If you have additional questions regarding GDPR, we please ask that you submit them to our Legal team at abuse@dreamhost.com.

They would be happy to address any additional questions you have.

Thank you!


#36

And we ask that Dreamhost address these issues here, in the public forum, so that we all can read and contribute to the discussion that affects us directly.


#37

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.